Oracle Glitch Sparks Multi-Million Dollar Liquidations on Aave
Aave’s Correlated Asset Price Oracle (CAPO) misconfigured the price of wrapped staked Ethereum (wstETH) on March 10, 2026, leading to $27 million in liquidations across 34 user accounts. A 2.85% pricing error resulted in substantial losses, emphasizing vulnerabilities in decentralized finance protocols reliant on external price feeds.
The incident unfolded when an off-chain algorithm encountered a synchronization failure while updating the exchange rates for wstETH, which were inaccurately reported as approximately 1.1939 wstETH per ETH instead of the correct rate of approximately 1.228. The built-in limitations of the Aave protocol restricted the parameters’ adjustments to a maximum increase of 3% every three days, leaving a discrepancy that created financial chaos. Positions that were otherwise solvent appeared under-collateralized, triggering automated liquidations.
The Liquidation Mechanics
The glitch predominantly impacted high-leverage E-Mode positions, with approximately 10,938 wstETH involved in the cascading liquidations. This systemic failure allowed liquidation bots to capitalize, extracting about 499 ETH (valued at roughly $1.2 million) through liquidation bonuses and arbitrage opportunities. Despite the scale of the incident, Aave reported its protocol remained solvent, with zero bad debt recorded.
Interestingly, the Aave protocol managed to recover 154 ETH through refund mechanisms and liquidation fees. Aave’s Decentralized Autonomous Organization (DAO) proposed to cover any remaining losses from its treasury, ensuring full reimbursement for affected users.
Regulatory and Technical Repercussions
Aave’s founder, Stani Kulechov, commented on the incident, emphasizing that there was “no impact to the Aave Protocol.” The organization has since launched a comprehensive review of the CAPO system’s parameters across all markets, contemplating the formalization of automated synchronization requirements to avert similar misconfigurations in the future.
The incident underscores significant concerns for decentralized finance platforms reliant on oracles for price data. As smart contracts automate lending and liquidation processes based on oracles, any inaccuracies can translate into substantial financial losses for users. This event further raises questions about regulatory standards for data accuracy and transparency in decentralized finance.
Analysts suggest that the Aave incident may compel greater scrutiny from regulators, focusing on how price discrepancies can catalyze widespread losses in cryptocurrency markets. Improved oversight mechanisms could enhance the reliability of pricing feeds while safeguarding investor interests.
